Nice work! You’ve added columns to the users table and run a migration to update the database.
password_digest column for? When a user submits their password, it’s not a good idea to store that password as is in the database; if an attacker somehow gets into your database, they would be able to see all your users’ passwords.
One way to defend against this is to store passwords as hashed strings in the database rather than as plaintext. This is what the has_secure_password method helps with: it uses the bcrypt algorithm to securely hash a user’s password, which then gets saved in the
Then when a user logs in again, has_secure_password will collect the password that was submitted, hash it with bcrypt, and check if it matches the hash in the database.
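The store-then-verify flow described above, as an added example that is not part of the original lesson or of Rails itself. It assumes PBKDF2-HMAC-SHA256 from Ruby's standard library as a stand-in for bcrypt so it runs without gems; `make_digest`, `authenticate`, `secure_equal?` and the `iterations$salt$hash` layout are hypothetical names and formats chosen for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Added example: PBKDF2 stands in for bcrypt (assumption, so no gem is needed).
ITERATIONS = 100_000 # constructed work factor for this demo

# Slow, salted key derivation; the same inputs always give the same output.
def derive(password, salt, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32,
                             OpenSSL::Digest.new('SHA256'))
end

# Signup: pick a fresh random salt and build the string that would be stored
# in password_digest. The plaintext password is never part of it.
def make_digest(password, iterations = ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  hash = derive(password, salt, iterations)
  [iterations, salt.unpack1('H*'), hash.unpack1('H*')].join('$')
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Login: re-derive using the salt and work factor read back from the stored
# digest, then compare. A malformed digest is rejected, not raised on.
def authenticate(stored_digest, submitted_password)
  iterations, salt_hex, hash_hex = stored_digest.to_s.split('$')
  return false unless iterations.to_i.positive? && salt_hex && hash_hex
  candidate = derive(submitted_password, [salt_hex].pack('H*'), iterations.to_i)
  secure_equal?(candidate.unpack1('H*'), hash_hex)
end

if __FILE__ == $PROGRAM_NAME
  digest = make_digest('correct horse battery') # constructed sample password
  puts "stored digest: #{digest}"
  puts "right password accepted: #{authenticate(digest, 'correct horse battery')}"
  puts "wrong password accepted: #{authenticate(digest, 'guess123')}"
end
```

Because each digest carries its own random salt, two users with the same password get different stored values, so one leaked digest does not reveal which other accounts share that password.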
Now that the models are set up, let’s move on to the rest of the request/response cycle and create the controllers, routes, and views needed for the signup machinery.
Generate a controller named Users.
In the routes file, add these routes:
get 'signup' => 'users#new'
resources :users
Next, in the Users controller add the
def new
  @user = User.new
end
Then in app/views/users/new.html.erb, on line 7, use form_for to create a form with the fields of the
Look back at our Rails exercise on web templating for an example of how to use form_for in your code.
We’ve provided CSS in app/assets/stylesheets/application.css.
Start the Rails server.
http://localhost:8000/signup to preview the signup page in the browser.
The form won’t work just yet; we’ll finish it up next.